*[ACM]: Association for Computing Machinery *[AFB]: Air Force Base *[AFLCMC]: Air Force Life Cycle Management Center *[AI]: Artificial Intelligence *[AMA]: Ask Me Anything *[API]: Application Programming Interface *[ASCII]: American Standard Code for Information Interchange *[ATMs]: Automated Teller Machines *[ATM]: Automated Teller Machine *[BCP]: Best Current Practice *[BFF]: CERT Basic Fuzzing Framework *[BGP]: Border Gateway Protocol *[BIND]: Berkeley Internet Name Domain *[BOD]: Binding Operational Directive *[CAPEC]: Common Attack Pattern Enumeration and Classification *[CA]: Certificate Authority *[CERT/CC]: CERT Coordination Center, a part of the Software Engineering Institute at Carnegie Mellon University *[CERT]: The CERT Division of the Software Engineering Institute *[CISA]: Cybersecurity and Infrastructure Security Agency, a part of the U.S. Department of Homeland Security *[CI]: Continuous Integration *[CD]: Continuous Deployment *[CMU]: Carnegie Mellon University *[CNAs]: CVE Numbering Authorities *[CNA]: CVE Numbering Authority *[COPPA]: Children's Online Privacy Protection Act *[CPE]: Common Platform Enumeration *[CSAF]: Common Security Advisory Framework *[CSIRTs]: Computer Security Incident Response Teams *[CSIRT]: Computer Security Incident Response Team *[MPCVD]: Multi-Party Coordinated Vulnerability Disclosure *[CVD]: Coordinated Vulnerability Disclosure *[CVE]: Common Vulnerabilities and Exposures *[CVRF]: Common Vulnerability Reporting Format, superseded by the Common Security Advisory Framework (CSAF) *[CVSS]: Common Vulnerability Scoring System *[CWE]: Common Weakness Enumeration *[CWSS]: Common Weakness Scoring System *[DFIR]: Digital Forensics and Incident Response *[DHS]: U.S. Department of Homeland Security *[DNS]: Domain Name System *[DoD]: U.S. Department of Defense *[DoJ]: U.S. Department of Justice *[DDoS]: Distributed Denial of Service *[DoS]: Denial of Service *[EFF]: Electronic Frontier Foundation *[ENISA]: European Union Agency for Cybersecurity *[EOL]: End of Life *[EO]: Executive Order *[EU]: European Union *[FAQ]: Frequently Asked Questions *[FCC]: U.S. Federal Communications Commission *[FBI]: U.S. Federal Bureau of Investigation *[FDA]: U.S. Food and Drug Administration *[FERPA]: Family Educational Rights and Privacy Act *[FIRST]: Forum of Incident Response and Security Teams *[FI]: Finland *[FTC]: U.S. Federal Trade Commission *[FTP]: File Transfer Protocol *[GnuPG]: GNU Privacy Guard, an implementation of the OpenPGP standard *[GPG]: GNU Privacy Guard, an implementation of the OpenPGP standard *[HIPPA]: Health Insurance Portability and Accountability Act *[HTML]: Hyper Text Markup Language *[HTTP]: Hyper Text Transfer Protocol *[HTTPS]: Hyper Text Transfer Protocol Secure *[HVAC]: Heating, Ventilation, and Air Conditioning *[IEC]: International Electrotechnical Commission *[IEEE]: Institute of Electrical and Electronics Engineers *[IETF]: Internet Engineering Task Force *[IoT]: Internet of Things *[IP]: Internet Protocol *[ISACs]: Information Sharing and Analysis Centers *[ISAC]: Information Sharing and Analysis Center *[ISAOs]: Information Sharing and Analysis Organizations *[ISAO]: Information Sharing and Analysis Organization *[ISO]: International Organization for Standardization *[ISPs]: Internet Service Providers *[ISP]: Internet Service Provider *[JPCERT/CC]: Japan Computer Emergency Response Team Coordination Center *[JSON]: JavaScript Object Notation *[JTAG]: Joint Test Action Group *[JVN]: Japan Vulnerability Notes *[ML]: Machine Learning *[MON]: The Monitoring Process Area of the CERT Resilience Management Model *[MPLS]: Multiprotocol Label Switching *[NCSC]: National Cyber Security Centre *[NDAs]: Non-Disclosure Agreements *[NDA]: Non-Disclosure Agreement *[NHTSA]: National Highway Traffic Safety Administration *[NIAC]: National Infrastructure Advisory Council *[NIST]: National Institute of Standards and Technology *[NL]: The Netherlands *[NTIA]: National Telecommunications and Information Administration *[NTP]: Network Time Protocol *[NVD]: National Vulnerability Database *[OASIS]: Organization for the Advancement of Structured Information Standards *[OCTAVE]: Operationally Critical Threat, Asset, and Vulnerability Evaluation *[OpSec]: Operational Security *[OS]: Operating System *[OUSPG]: Oulu University Secure Programming Group *[PCI DSS]: Payment Card Industry Data Security Standard *[PGP]: Pretty Good Privacy *[PoC]: Proof of Concept Exploit *[PSIRTs]: Product Security Incident Response Teams *[PSIRT]: Product Security Incident Response Team *[REST]: Representational State Transfer *[RE]: Reverse Engineering *[RFCs]: Requests for Comments *[RFC]: Request for Comments *[RFID]: Radio Frequency Identification *[RMM]: The CERT Resilience Management Model *[SAAS]: Software as a Service *[SaaS]: Software as a Service *[SBOM]: Software Bill of Materials *[SCAP]: Security Content Automation Protocol *[SDLC]: Secure Development Lifecycle *[SDL]: Software Development Lifecycle *[SDR]: Software Defined Radio *[SEC]: U.S. Securities and Exchange Commission *[SEI]: Software Engineering Institute *[SERA]: Security Engineering Risk Analysis *[SIG]: Special Interest Group *[SME]: Subject Matter Expert *[SMTP]: Simple Mail Transfer Protocol *[SNMP]: Simple Network Management Protocol *[SPDX]: Software Package Data Exchange *[SP]: Special Publication *[SR]: Special Report *[SSL]: Secure Sockets Layer *[SSVC]: Stakeholder-Specific Vulnerability Categorization *[STARTTLS]: Start Transport Layer Security, a protocol extension for upgrading a plaintext connection to a secure connection *[StartTLS]: Start Transport Layer Security, a protocol extension for upgrading a plaintext connection to a secure connection *[TCP]: Transmission Control Protocol *[TLP]: Traffic Light Protocol *[TTPs]: Tactics, Techniques, and Procedures *[TTP]: Tactics, Techniques, and Procedures *[TLS]: Transport Layer Security *[TSIG]: Transaction Signature *[TVs]: Televisions *[TV]: Television *[UK]: United Kingdom *[URLs]: Uniform Resource Locators *[URL]: Uniform Resource Locator *[US]: United States *[VAR]: Vulnerability Analysis and Resolution, a process area of the CERT RMM *[VDBs]: Vulnerability Databases *[VDB]: Vulnerability Database *[VDPs]: Vulnerability Disclosure Programs *[VDP]: Vulnerability Disclosure Program *[VINCE]: Vulnerability Information and Coordination Environment *[Vultron]: The Vultron Protocol for CVD Interoperability *[VMs]: Virtual Machines *[VM]: Vulnerability Management *[VRF]: Vulnerability Reporting Form *[VR]: Vulnerability Response *[VU#]: CERT Vulnerability Note *[VXREF]: Vulnerability Cross-Reference *[W3C]: World Wide Web Consortium